IcedInsanity Posted 24 April 2010 (edited)

Hi. I'm working on a PC that belongs to a friend of mine, can someone look over the logs? Thanks.

Mbam log

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Databaseversjon: 4029

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

24.04.2010 12:27:46
mbam-log-2010-04-24 (12-27-46).txt

Skanntype: Hurtigsøk
Objekter skannet: 144761
Tid tilbakelagt: 7 minutt(er), 52 sekund(er)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 0
Registerverdier infisert: 1
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert 6

Minneprosesser infisert:
(Ingen skadelige objekter funnet)

Minnemoduler infisert:
(Ingen skadelige objekter funnet)

Registernøkler infisert:
(Ingen skadelige objekter funnet)

Registerverdier infisert:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (IM.Worm) -> Quarantined and deleted successfully.

Registerfiler infisert:
(Ingen skadelige objekter funnet)

Mapper infisert:
(Ingen skadelige objekter funnet)

Filer infisert
C:\captura.bmp (Malware.Traces) -> Quarantined and deleted successfully.
C:\codigo1.bmp (Malware.Traces) -> Quarantined and deleted successfully.
C:\codigo2.bmp (Malware.Traces) -> Quarantined and deleted successfully.
C:\codigo3.bmp (Malware.Traces) -> Quarantined and deleted successfully.
C:\codigo4.bmp (Malware.Traces) -> Quarantined and deleted successfully.
C:\error.bmp (Malware.Traces) -> Quarantined and deleted successfully.

Combo log
Edited 24 April 2010 by LunaticFanatic
norbat Posted 26 April 2010 (edited)

Looks fine. If SweetIM isn't something that has to be used, uninstall it.

Edited 26 April 2010 by norbat
IcedInsanity (author) Posted 27 April 2010

Okay, thanks. I was going to remove SweetIM anyway, I feel it's just nonsense. (When I had it)